1

I am looking to get a list of users that belong to a specific group. 'groupName' is passed into the private method.

 DirectoryEntry de = new DirectoryEntry("LDAP://DC=xxxx,DC=net"); // Root Directory //
 var ds = new DirectorySearcher(de);
 ds.PropertiesToLoad.Add("SAMAccountName");
 ds.PropertiesToLoad.Add("member");
 ds.Filter = "(&(objectClass=group)(SAMAccountName=" + groupName + "))";
 SearchResultCollection AllGroupUsers;     
 AllGroupUsers = ds.FindAll();

The query returns 3 properties: adspath, accountName and member. Member is what I am really after. I access the member property and its values as the following piece of code demonstrates:

 if (AllGroupUsers.Count > 0)
   {
     ResultPropertyValueCollection values = AllGroupUsers[0].Properties["member"];

but something strange happens here. On the RHS of the equal sign, AllGroupUsers has a value for a specific member as "CN=Mike Schoomaker R,........"

While on the LHS of the equal sign, values has "CN=Mike Schoomaker (OR),....."

I am not quite sure how this is possible... It doesn't happen for each and every value under AllGroupUsers... The only thing I know is that it happens for external users on the active directory... Can anyone show me how I can fix this and get the actual firstName, LastName and MiddleInitial?

Philo
  • Are you familiar with PrincipalContext? You can get group users as well. I will post an example – MethodMan Jan 06 '16 at 22:14
  • other working examples here.. http://stackoverflow.com/questions/5309988/how-to-get-the-groups-of-a-user-in-active-directory-c-asp-net do a simple google search – MethodMan Jan 06 '16 at 22:25

2 Answers

1
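    using System.DirectoryServices.AccountManagement;
    using System.Linq;

    using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
    {
        // find the group
        using (var group = GroupPrincipal.FindByIdentity(ctx, "groupName"))
        {
            if (group == null)
            {
                MessageBox.Show("Group does not exist");
            }
            else
            {
                // true = recursive: members of nested groups are returned as well
                var users = group.GetMembers(true);
                // GetMembers returns Principal objects; keep only the users so that
                // a non-user member (e.g. a computer account) does not break the cast
                foreach (UserPrincipal user in users.OfType<UserPrincipal>())
                {
                    // user variable has the details about the user
                }
            }
        }
    }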
MethodMan
  • You can do the same with the GroupName. I will edit and show you, one sec – MethodMan Jan 06 '16 at 22:19
  • I am trying to solve a puzzle, not make it just work... I have already seen the examples you have posted. Thanks – Philo Jan 06 '16 at 22:28
  • Thank you MethodMan; this is exactly what I was looking for and works perfectly for grabbing users that belong to a particular AD group; not sure why this isn't the accepted answer, but you got my vote!! Thank you. – Matthew M. Nov 14 '17 at 16:35
0

To get a user, not a group, you should set a DirectoryEntry object and use the corresponding properties (e.g. displayName, sn, givenName, initials).

Example:

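    ...
    AllGroupUsers = ds.FindAll();
    if (AllGroupUsers.Count > 0) {
        ResultPropertyValueCollection values = AllGroupUsers[0].Properties["member"];
        // each value of "member" is the distinguished name of one member
        foreach (string s in values)
        {
            // bind to the member object itself and read its own attributes;
            // DirectoryEntry is IDisposable, so release it on every iteration
            using (DirectoryEntry u = new DirectoryEntry("LDAP://" + s))
            {
                Console.WriteLine(u.Properties["displayName"].Value);
            }
        }
    }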
user2316116